In order to improve the security of ecommerce systems, comprehensive identification and evaluation of system risks are needed. Quantitative description of the risks to ecommerce systems from the perspective of users can make the risk analysis process more pertinent. We determined the security requirement items of a system based on the knowledge of security requirements that users possessed. We took advantage of the operator based on a language assessment scale to calculate the risk factor. We also forecast the cost of the accident. Risk is the product of the accident possibility and the cost of accident. The effectiveness of the method was verified with an example. This work lays the foundation for further research on the risks of ecommerce from the point of view of users.